There has recently been a lot of development in the field of mobile point-of-sale, MPOS, solutions. A MPOS solution, that may alternatively be referred to as a MPOS device, allows a merchant to use a mobile device as a point-of-sale, POS, terminal for performing payment transactions. Suitable such MPOS mobile solutions are typically multi-purpose mobile computing platforms and include feature phones, smart phones, tablets, and PDAs.
Advantages of merchants using a MPOS solution for performing transactions include the following:                Lower total cost of ownership. A MPOS solution can be offered either for free or at a very low cost. Many merchants already own suitable mobile solutions so they can avoid additional costs that would be incurred from purchasing, deploying and maintaining a MPOS terminal.        Greater portability and ease of use. These are important factors, in particular for merchants with no fixed place of business.        More flexible software development platforms. Flexible software development platforms can be integrated with existing and future systems.        Better user interfaces for both the merchant and the customer.        Simplicity and interoperability of the MPOS solution.        
A known way of providing a merchant with a MPOS solution is through the use of a MPOS card reader accessory. A MPOS card reader accessory attaches to a port of a mobile device, such as the audio port, USB port or a proprietary connector on the mobile device. It is also possible for a MPOS card reader accessory to connect to the mobile device via Bluetooth. Accessories provide for magnetic stripe, EMV (Europay®, Mastercard® and Visa®) chip and contactless acceptance, and are sometimes referred to as “dongles” or “sleeves”.
An example of a MPOS card reader accessory being used with a merchant's mobile device and a customer's card is shown in FIG. 1a. 
Another implementation of MPOS is integrated contactless MPOS, IC-MPOS. IC-MPOS allows contactless transactions via a near field communication (NFC) antenna within the merchant's mobile device with, for example, a suitably enabled customer's mobile device that is being used in place of a standard payment card or a contactless payment card.
FIG. 1b shows mobile devices for an IC-MPOS transaction. Payment is possible between a merchant's mobile device and a customer's mobile device over a wireless communication link.
Before IC-MPOS is considered in more detail, a brief overview of the parties and service providers in a payment system is provided.
In order to correctly perform a financial transaction, it is necessary to correctly manage the information transfer between cardholders, issuers, acquirers, payment facilitators merchants and/or sub-merchants.
MPOS solution providers may offer their products to merchants via the traditional acquiring channel. In these cases, the merchant maintains a direct relation with a licensed acquirer and simply uses the MPOS solution as an alternative to the traditional POS terminal.
Alternatively, MPOS solution providers may make use of the payment facilitator model, such as the MasterCard® payment facilitator model shown in FIG. 2. In such a model, the payment facilitator has a direct merchant agreement with a licensed acquirer. The payment facilitator sells services to sub-merchants and manages the settlement of funds.
Information transfer between all of the different parties and service providers must be correctly managed and adhere to specific rules, requirements and laws.
Although the above has been described with reference to MasterCard®, it will be understood that other service providers implement similar models and face similar problems, namely how to correctly manage the transfer of information within a payment system.
One of the most important considerations when implementing IC-MPOS, is to ensure that the security of sensitive information and the integrity of processing is maintained and the system is not vulnerable to being attacked by malicious parties.
Unlike a dedicated POS device, a mobile device is far more vulnerable to malware and unauthorised software modifications. An IC-MPOS solution provider, or service provider, is required to support a very large number of different mobile devices, from unknown sources, that also execute other applications unknown to, and unauthorised by, the IC-MPOS provider.
Attacks may be performed during any of the logon, initialization, transaction processing and logout phases of a mobile device in an IC-MPOS system of an IC-MPOS solution.
Modifications to an IC-MPOS system by a malicious party may be with the aim of:                Capturing or modifying transaction data (Man In the Middle)        Acting as a relay attack to non MPOS merchants        Acting as a relay attack from MPOS merchantsThe above list is not exhaustive and other malicious actions exist.        
Modifications can be done on                the front-end software i.e. the software responsible for providing the interaction with the card and the customer,        the back-end software i.e. the software responsible for interacting with the Server and the Merchant,        a combination of the above.        
The entity performing the modifications can be:                the Merchant        the customer        a 3rd party        
A fraudulent Merchant is a known threat. For regular brick-and-mortar shops, the acquirer would shut down the Merchant but this may be more difficult for MPOS. The non-fraudulent nature of the Merchant needs to be ensured by the Logon and/or transaction processes.
If the customer is the actual fraudster, then a distinction is drawn between (in order of priority):    (1) Fraud committed with a fake card.    (2) Fraud committed with a genuine stolen card. The protection against lost and stolen has to come from the card and the issuer. To protect the Merchant, we have to ensure that CVM cannot be bypassed when transactions are above the CVM limit.            Bypassing CVM can be done through                    Manipulation of the Terminal so that it uses “No CVM” for the transaction.            Faking the CVM                            Signature—up to the Merchant, there is little that can be done from a technical perspective                m-PIN—a discrepancy between Terminal's view and the card's view on CVM can be detected by                                    validating the CDA signature (by MPOS)                    checking the CVR (by issuer)                                                                                    (3) Fraud committed with a genuine card that is in the hands of the rightful owner (first party fraud)—once detected, it can be traced back to the fraudster and the specific account; so easy to contain.
For 3rd party fraud, this is best prevented by strong authentication and data encryption.
No known IC-MPOS systems have strong security features and have strong resistance against the above-described fraudulent activities.
A further problem is that when implementing an IC-MPOS system, the mobile device used by the merchant must be allowed to run other applications that support its user interface and other functions of the mobile device. An IC-MPOS application is required to operate on the mobile device through its main and terminal applications. However, there is other software executed by the mobile device that is not known to, authorised by, and cannot be trusted by the server supporting payments with the mobile device. Protection is therefore required from other applications on the mobile device as these may contain malware.
In addition, there are known systems that transmit unpredictable numbers in communications in order to improve their security. However, such known systems can have their security compromised by the transmitted unpredictable numbers actually being predictable by a malicious party.
The documents listed in Tables 1, 2 and 3 are relevant to the implementation of payment systems, in particular contactless payment systems, and are incorporated herein in their entirety by reference.
TABLE 1ReferenceDocument Title[EMV Book 2]Integrated Circuit Card Specifications for PaymentSystems-Book 2, Security and Key Management,Version 4.3, November 2011[EMV Book 3]Integrated Circuit Card Specifications for PaymentSystems-Book 3, Application Specification, Version 4.3, November 2011[EMV Book 4]Integrated Circuit Card Specifications for PaymentSystems-Book 4,Cardholder, Attendant, andAcquirer Interface Requirements, Version 4.3,November 2011[EMV Book A]EMV Contactless Specifications for Payment Systems, Book A-Architecture and General Requirements, Version 2.2[EMV Book D]EMV Contactless Specifications for Payment Systems, EMV Contactless Communication ProtocolSpecification, Version 2.2[READER]EMV Contactless Specifications for Payment Systems, Book C-2 Kernel 2 Specification Version 2.2 June 2012; available from emvco.com website[ISO/IEC 7816-4]Identification cards-Integrated circuit(s) cards withcontacts-Part 4: Organization, security and commands for interchange[ISO/IEC 19772]Information technology-Security techniques-Authenticated encryption. ISO/IEC FDIS 19772, 2008 Jul. 04[ISO/IEC 18033-2]Information technology-Security techniques-Encryption algorithms-Part 2: Asymmetric ciphers[ISO/IEC 9797-2]Information technology-Security techniques-Message Authentication Codes (MACS)-Part 2:Mechanisms using a dedicated hash-function[IETF RFC4226]HOTP: An HMAC-Based One-Time Password Algorithm IETF RFC 4226, December 2005
TABLE 2DocumentContentmastercard.com/corporate/mpos.htmlDetails on the MasterCard ®Mobile Point of Sale (MPOS)Programmastercard.com/us/companyMasterCard ® best practices/en/docs/MasterCard_Mobile_Point_Of_for Mobile Point of SaleSale_Best Practices.pdfAcceptance
TABLE 3DocumentContentpcisecuritystandards.org/documents/PCI Mobile Payment Mobile%20Payment%20Security%20Guidelines%Acceptance Security 20v1%200.pdfGuidelines